One Photo Could Have Hacked Your WhatsApp And Telegram Account

The next time someone sends you a photo of a hot chick on WhatsApp or Telegram, be careful before clicking on it: it might hack your account within a second.

Hackers have managed to find a method, albeit a complex one, to gain access to all of our conversations.

The hack only affected the browser-based versions of WhatsApp and Telegram; users of the WhatsApp or Telegram mobile apps are not affected.

The end-to-end encrypted messaging platforms WhatsApp and Telegram have recently patched a new flaw that allowed an attacker to hijack anyone’s account just by having the user click on a photo.

According to Check Point security researchers, the vulnerability lay in the way both messaging services process images and multimedia files: without verifying whether they contain malicious code.

To exploit this flaw, an attacker needs to embed malicious code within the photo. Once the victim clicks on it, the attacker could gain full access to the user’s account.

The attacker could then read the victim’s messages, manipulate chat sessions, and access personal chats, photos, videos, audio and all shared files.

An attacker could also mount a mass attack by leapfrogging between accounts: by sending the malicious-code-laden photo to everyone in the victim’s contact list, the attacker could hijack accounts en masse.

Video Demonstration

Here are the video demonstrations provided by the security researchers.

WhatsApp Web Account Takeover.

Telegram Web Account Takeover.

Why It Went Undetected

WhatsApp and Telegram both use end-to-end encryption to ensure that nobody except the sender and the receiver can read the messages between them.

The same security helped the vulnerability evade detection: because no one can access the content passing between sender and receiver, the services were unable to prevent the malicious content from running.

“Since messages were encrypted without being validated first, WhatsApp and Telegram were blind to the content, thus making them unable to prevent malicious content from being sent,” the researchers write in a blog post.

WhatsApp fixed the vulnerability within 24 hours, on Thursday, March 8, while Telegram patched it on Monday.

Since the vulnerability has been fixed on the server end, users don’t have to update any app; they just need to restart their browser.

“It’s a big vulnerability in a significant service,” said Oded Vanunu, head of product vulnerability research at Check Point. “Thankfully, WhatsApp and Telegram responded quickly and responsibly to deploy the mitigation against exploitation of this issue in all web clients.”

Vulnerability Got Fixed

Content shared by users on the web version will now be validated before end-to-end encryption, allowing malicious content to be blocked.
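
To illustrate what validating content before encryption can look like in a web client, here is an added example. It is not WhatsApp's or Telegram's code: the image allowlist, the function names and the caller-supplied encrypt callback are assumptions made for illustration. It rejects any attachment whose bytes are not the image type it claims to be, so the encryption step never sees it.

```javascript
// Added example (not WhatsApp's or Telegram's code): check what an attachment
// really is before it is encrypted. Allowlist and names are assumptions.
const SIGNATURES = new Map([
  ['image/jpeg', [[0xff, 0xd8, 0xff]]],
  ['image/png', [[0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]]],
  ['image/gif', [[0x47, 0x49, 0x46, 0x38, 0x37, 0x61],
                 [0x47, 0x49, 0x46, 0x38, 0x39, 0x61]]],
]);

// Media type the leading bytes actually match, or null if none on the allowlist.
function sniffType(bytes) {
  for (const [type, sigs] of SIGNATURES) {
    const hit = sigs.some((sig) =>
      bytes.length >= sig.length && sig.every((b, i) => bytes[i] === b));
    if (hit) return type;
  }
  return null;
}

// Accept only when the claimed type is allowlisted and matches the content.
function validateAttachment(claimedType, bytes) {
  const claimed = String(claimedType).split(';')[0].trim().toLowerCase();
  if (!SIGNATURES.has(claimed)) return { ok: false, reason: 'type not allowed' };
  const actual = sniffType(bytes);
  if (actual === null) return { ok: false, reason: 'content is not a known image' };
  if (actual !== claimed) return { ok: false, reason: 'claimed type does not match content' };
  return { ok: true, reason: 'ok' };
}

// Gate: `encrypt` (caller-supplied, hypothetical) only ever sees validated content.
function prepareOutgoing(claimedType, bytes, encrypt) {
  const verdict = validateAttachment(claimedType, bytes);
  if (!verdict.ok) throw new Error('attachment rejected: ' + verdict.reason);
  return encrypt(bytes);
}

// Constructed sample inputs: a PNG header, and HTML text labelled as a photo.
const PNG_SAMPLE = Uint8Array.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0x0d]);
const HTML_SAMPLE = new TextEncoder().encode('<!DOCTYPE html><html><body>hi</body></html>');

console.log(validateAttachment('image/png', PNG_SAMPLE));
console.log(validateAttachment('image/jpeg', HTML_SAMPLE));
```

A signature check only establishes what the leading bytes are; a stricter client would also decode the image fully before accepting it.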

